CVE-2022-28772
HIGH
SAP Web Dispatcher and Internet Communication Manager - Stack-based Buffer Overflow
Title source: llmDescription
By sending overlong input values, an attacker may force an overwrite of the internal program stack in SAP Web Dispatcher (versions 7.53, 7.77, 7.81, 7.85, 7.86) or Internet Communication Manager (versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86), which makes these programs unavailable, leading to denial of service.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3111311
Scores
CVSS v3: 7.5
EPSS: 0.0114
EPSS Percentile: 78.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-121, CWE-787
Status: published
Products (15)
sap/netweaver 7.22ext
sap/netweaver 7.49
sap/netweaver 7.53
sap/netweaver 7.77
sap/netweaver 7.81
sap/netweaver 7.85
sap/netweaver 7.86
sap/netweaver kernel_7.22
sap/netweaver krnl64nuc_7.22
sap/netweaver krnl64uc_7.22
... and 5 more
Published: Apr 12, 2022
Tracked Since: Feb 18, 2026